Re: [Cfrg] I-D Action: draft-irtf-cfrg-eddsa-03.txt

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 02 March 2016 15:47 UTC

On Tue, Mar 01, 2016 at 04:25:41PM -0800, Mike Hamburg wrote:
> Hi Simon and Ilari,
> 
> I’m working to implement the draft, and I’m curious about the Ed448ph test vectors.
> 
> They set the private key to 32 bytes:
>    833fe62409237b9d62ec77587520911e
>    9a759cec1d19755b7da901b96dca3d42
> 
> However, the spec says that "The secret key is 57 octets (456 bits, corresponding to b) of cryptographically-secure random data."
> 
> It would of course be secure to use a key length other than 57 bytes for Ed448, prehashed or otherwise.  It’s only the seed to an expansion hash, and could be set at 32 octets without losing meaningful security (or even 28 octets in the single-key setting, but this loses security against multi-key attacks).  However, the spec seems to require 57 bytes.
> 
> Is the test vector missing some bytes, or are Ed448 keys allowed to be other lengths?

Missing some bytes. Thanks for the report.


-Ilari
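
An added example, not part of the original message or of the draft: a strict length check for EdDSA secret keys, run against the 32-byte key quoted above, followed by Ed448 key expansion as published in RFC 8032, section 5.2.5. The function names and the `SEED_LEN` table are assumptions made for illustration.

```python
import hashlib

# Secret-key (seed) lengths in octets, b/8 for each variant (RFC 8032).
SEED_LEN = {"Ed25519": 32, "Ed448": 57}

# The private key quoted in the message above (Ed448ph test vector).
QUOTED_KEY_HEX = """
   833fe62409237b9d62ec77587520911e
   9a759cec1d19755b7da901b96dca3d42
"""


def parse_hex_block(text):
    """Join the indented, line-wrapped hex used for test vectors."""
    return bytes.fromhex("".join(text.split()))


def check_seed(alg, seed):
    """Reject a seed whose length differs from the one the spec mandates.

    SHAKE256 accepts input of any length, so the expansion step would
    not catch a short key; the length has to be checked explicitly.
    """
    want = SEED_LEN[alg]
    if len(seed) != want:
        raise ValueError(
            f"{alg} secret key must be {want} octets, got {len(seed)}")
    return seed


def ed448_expand(seed):
    """Expand a 57-octet seed into (secret scalar, prefix)."""
    check_seed("Ed448", seed)
    h = hashlib.shake_256(seed).digest(114)
    a = bytearray(h[:57])
    a[0] &= 0xFC    # clear the two least significant bits
    a[56] = 0       # clear the last octet
    a[55] |= 0x80   # set the top bit of the second-to-last octet
    return int.from_bytes(a, "little"), h[57:]


if __name__ == "__main__":
    key = parse_hex_block(QUOTED_KEY_HEX)
    try:
        ed448_expand(key)
    except ValueError as err:
        print("rejected:", err)
```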